Advanced Malware Protection
Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe
How would you do security differently if you knew you were going to be hacked?
Security Challenges
- Changing Business Models
- Dynamic Threat Landscape
- Complexity and Fragmentation

A community that hides in plain sight avoids detection and attacks swiftly.
- 60% of data is stolen in HOURS
- 85% of point-of-sale intrusions aren't discovered for WEEKS
- 54% of breaches remain undiscovered for MONTHS
- 51% increase of companies reporting a $10M loss or more in the last YEAR
(Timeline axis: START, HOURS, WEEKS, MONTHS, YEARS)
The Reality: Organizations Are Under Attack
- 95% of large companies targeted by malicious traffic
- 100% of organizations interacted with websites hosting malware
Source: 2014 Cisco Annual Security Report

- Cybercrime is lucrative, barrier to entry is low
- Hackers are smarter and have the resources to compromise your organization
- Malware is more sophisticated
- Organizations face tens of thousands of new malware samples per hour

(Timeline, 1990 to 2020+)
- Phishing, Low Sophistication: Viruses (1990-2000)
- Hacking Becomes an Industry: Worms (2000-2005); Spyware and Rootkits (2005-Today)
- Sophisticated Attacks, Complex Landscape: APTs, Cyberware (Today+)
AMP: Advanced Malware Protection
The Full Attack Continuum
- BEFORE: Discover, Enforce, Harden
- DURING: Detect, Block, Defend
- AFTER: Scope, Contain, Remediate
Coverage: Network, Endpoint, Mobile, Virtual, Cloud, Email & Web
Point-in-time vs. Continuous
Point-in-Time Malware Detection Alone Is Not 100% Effective
It will catch 99%, but it only takes 1% of threats to cause a breach.
Cisco AMP Defends With Retrospective Security
To be effective, you have to be everywhere, continuously.
AMP provides contextual awareness and visibility that allows you to take control of an attack before it causes damage:
- Who: Focus on these users first
- What: These applications are affected
- Where: The breach impacted these areas
- When: This is the scope of exposure over time
- How: Here is the origin and progression of the threat
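The who/what/where/when/how scoping above is essentially a retrospective walk over file telemetry once a hash is re-classified. The following is an added example, not Cisco or AMP code: it replays constructed endpoint events (hosts, users and hashes are placeholders) to scope an exposure after a previously "unknown" file is marked malicious, following files the flagged file wrote to capture its progression.

```python
"""Retrospective scoping of a file after its disposition changes (added example)."""
from collections import namedtuple
from datetime import datetime

# One telemetry record: a file (by SHA-256) written or executed on a host.
# `parent` is the hash of the process that performed the action, if known.
Event = namedtuple("Event", "ts host user action sha256 parent")

def parse(ts):
    return datetime.fromisoformat(ts)

# Constructed telemetry; HASH_* values are placeholders, not real indicators.
TELEMETRY = [
    Event(parse("2014-03-01T09:00:00"), "ws-01", "alice", "write", "HASH_A", "HASH_MAILCLIENT"),
    Event(parse("2014-03-01T09:02:00"), "ws-01", "alice", "execute", "HASH_A", None),
    Event(parse("2014-03-01T09:10:00"), "ws-01", "alice", "write", "HASH_B", "HASH_A"),
    Event(parse("2014-03-02T14:30:00"), "srv-03", "svc_backup", "execute", "HASH_B", None),
    Event(parse("2014-03-02T15:00:00"), "ws-07", "bob", "write", "HASH_C", "HASH_BROWSER"),
]

def progression(events, sha256):
    """Return the flagged hash plus every file it (transitively) wrote to disk."""
    in_scope, frontier = set(), [sha256]
    while frontier:
        h = frontier.pop()
        if h in in_scope:
            continue
        in_scope.add(h)
        frontier.extend(e.sha256 for e in events if e.parent == h and e.action == "write")
    return in_scope

def retrospective_scope(events, sha256, reclassified_at):
    """Answer who/what/where/when/how for a hash re-classified as malicious."""
    related = progression(events, sha256)
    seen = sorted((e for e in events if e.sha256 in related), key=lambda e: e.ts)
    if not seen:
        return None
    first, last = seen[0], seen[-1]
    return {
        "who": sorted({e.user for e in seen}),        # users to focus on first
        "what": sorted(related),                      # affected files/applications
        "where": sorted({e.host for e in seen}),      # impacted hosts
        "when": {"first_seen": first.ts, "last_seen": last.ts,
                 "exposure": reclassified_at - first.ts},  # time the file went undetected
        "how": [(e.ts.isoformat(), e.host, e.action, e.sha256) for e in seen],  # origin and progression
    }

if __name__ == "__main__":
    scope = retrospective_scope(TELEMETRY, "HASH_A", parse("2014-03-03T08:00:00"))
    for key, value in scope.items():
        print(f"{key}: {value}")
```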
Cisco's AMP Everywhere Strategy Means Protection Across the Extended Network
- AMP for Endpoints (Virtual, PC, Mobile, MAC)
- AMP for Networks
- AMP Private Cloud Virtual Appliance
- AMP Threat Grid: Dynamic Malware Analysis + Threat Intelligence Engine
- AMP on ASA Firewall with FirePOWER Services
- AMP on Web & Email Security Appliances
- CWS: AMP for Cloud Web Security & Hosted Email
NSS Labs Report: Comparative Testing on Breach Detection Systems

Who is NSS Labs? NSS Labs, one of the best and most thorough independent testing bodies in the industry, performed comparative testing on Breach Detection Systems.

What was measured? Security Effectiveness of Breach Detection Systems: HTTP/Email Malware, Exploits, Evasions, and False Positive Rate; Total Cost of Ownership per protected Mbps.

What Cisco-Sourcefire products were tested? AMP Everywhere: AMP for Networks and AMP for Endpoints (TCO calculations include this set of FireAMP connectors); FirePOWER 8120 (with AMP subscription)*

What competitor products were evaluated? FireEye, AhnLab, Fortinet, TrendMicro, Fidelis

BDS Methodology v1.5: "[The methodology] utilizes real threats and attack methods that exist in the wild and are actually being used by cyber-criminals and other threat actors. This is the real thing, not facsimile; systems under test (SUT) are real stacks connected to a live internet feed." -- NSS Labs

* Dedicated AMP Appliances (AMP8150/AP7150) were not shipping at the time of the test; otherwise one would have been used.
The Results: Cisco AMP Is a Leader in Security Effectiveness and TCO and Offers Best Protection Value
NSS Labs Security Value Map (SVM) for Breach Detection Systems (axes: Security Effectiveness vs. TCO per Protected-Mbps)
- Cisco Advanced Malware Protection: Best Protection Value
- 99.0% Breach Detection Rating
- Lowest TCO per Protected-Mbps
- Other Products Do Not Provide Retrospective Security After a Breach
Business Impact Summary
- Better Protection: Before, During, After
- Better Visibility and Control
- Better Intelligence
- Faster Response
- Save Money, Time
- Protect Resources and Maintain Business Critical Functions
- Lowest TCO and Highest Security Leadership (NSS Labs)
AMP Case Studies
Are you able to defend against advanced malware?
1. Can you detect advanced malware in web and email?
2. Assess your current level of network protection
3. Assess your current level of endpoint protection
Block Threats Before They Breach: Bank Case Study (BEFORE)
Challenge: Experienced security team of 7 supporting over 120 locations needed greater intelligence to quickly identify and stop threats. Current defenses alerted personnel and logged details but did nothing to aid investigation of the issue.
Solution: Augmented intrusion prevention systems with FireAMP for Endpoint.
Result: After installation of FireAMP, a targeted attack was identified and remediated in half a day. 7 days after the initial attack, new business processes and intelligence implemented by FireAMP resulted in the immediate mitigation of a second targeted attack.
Identify Scope and Remediate Impact After Breach: Power Utility Case Study (AFTER)
Challenge: The company is a frequent victim of spear phishing campaigns with indications of infection emanating from multiple sources.
Solution: Added FireAMP to a system already using FirePOWER to enable them to track and investigate suspicious file activity.
Result: The company gained complete visibility into their malware infections, determined the attack vector, assessed the impact to the network and made intelligent surgical decisions for remediation in a fraction of the time it would take to respond manually.
AMP Demo